Note: this article was originally published on TechCrunch on June 28, 2017.
Cloud computing is driving growth at 3 of the 5 most valuable companies in the world. AI will impact jobs only as quickly as AI-powered business software evolves. These are just two of the ramifications of disruptions in enterprise technology permeating mainstream media.
Yet the inner workings of the tightly knit enterprise software industry are rarely publicized. Most talented engineers flock to Instagram and Snapchat where they help The Kardashians hyper-optimize selfies. Taking part in the B2B subculture of Silicon Valley feels like a second-rate option.
Clayton Christensen recently tweeted that “any strategy is (at best) only temporarily correct.” The paradox behind this statement is that great managers hyper-optimize their business lines for profit only to see new entrants come in to take all the money off the table. This type of perfect competition can shoot a company off the edge of a cliff.
Creative disruption a la Apple and Amazon is the answer, but little is discussed of startups catapulting their own successes into new markets. We usually only hear of the overnight success stories like Facebook. But with technology change reaching tornado speed and the pathway from David to Goliath longer than ever, change is important for startups to embrace early and often. For entrepreneurs eager to endure in the competitive and complicated markets of enterprise software, I’d like to offer up an anecdote of our portfolio company vArmour evolving its platform strategy for a new sprint at competitive advantage in the security software industry.
Note: this article was originally published on Forbes on September 23, 2016.
Two bad companies don’t make a good one, and two old ones don’t either. This common analyst tag line is synonymous with industry consolidation, which has been quite the buzzing topic in the security sector with the uptick in M&A announcements. For those still catching up on the news: Oracle just bought Palerra, Cisco bought Cloudlock, Symantec bought Blue Coat, Vista Equity Partners bought Ping Identity and Infoblox, and more. For additional background, Steve Herrod of General Catalyst wrote a poignant article that describes the forces at play here.
The old guard buying up the new is certainly exciting news for early-stage security entrepreneurs and VCs. But is M&A really the salve for legacy company woes? As an early-stage investor in security startups, this is a constant topic of debate. Seeing how large security vendors plan inorganic growth strategies in my prior consultations as an industry analyst, I’d like to contribute some perspective on the rising M&A trend by way of examining the possible set of strategies and outcomes. We believe cybersecurity industry consolidation takes many forms, not all to the benefit of incumbents.
Contrary to popular belief, there are very few ‘a-ha’ moments in VC. Startups are on a 10-year lifecycle and despite all the stimulation and exposure, there’s a modicum of tangible wins (or clear cut failures) to learn from. Last week I had one of these ‘a-ha’ moments catching up with our Work-Bench portfolio company vArmour that speaks to the eye-widening impact of distributed security systems.
We were discussing the company’s new cyber deception product launch. In summary, the team is bringing a step-function improvement to honeypots, making what was for years an esoteric security practice due to complexity and performance requirements a reality for the masses.
After a boisterous 2015, 2016 looks gloomy for the cybersecurity industry as the market correction and uncertain macro economic environment set in. Last year, investors on Sand Hill Road poured $3.8 billion into security startups, many of which will not make it to the end of this year.
The uncertainty stems well beyond valuations. Entrepreneurs and their investors assumed the chief information security officers (CISO) would clamor for new budget to embrace all of the latest security technology in a bout of paranoia. From our vantage point as an enterprise IT investor in New York, the sentiment in the buyer market is far more rooted in practicality. “I don’t want more budget, I just want a solution that works,” said the CISO of a multinational pharmaceutical and medical device manufacturer in the trenches of evaluating new security technologies fit for cloud environments.
Why are many new security products ill-fit for the enterprise? Smart entrepreneurs with expertise in big data and other technology domains are entering the industry expecting a gold rush. Few, however, have the security expertise to build a product tuned to customer requirements. For example, this year the RSA Conference was swarming with Silicon Valley machine learning experts touting preventative security analytics. Without domain expertise and proof beyond theory, it’s all just “snake oil,” as a Global 2000 security director recently commented to me. Despite this skepticism, Forrester Research pegs 2015 spend on cloud security solutions at half a billion dollars.
Earlier this fall I published an article predicting that a new class of AI-powered applications will reshape the workplace by automating away the individual tasks that make up our jobs. Most of the companies featured in the landscape are early stage startups.
I recently had an interesting conversation with someone who argued against the viability of artificial intelligence startups, given the tremendous budgets and development resources large tech companies like IBM are committing to develop broader platforms — the premise being that these platforms will fill each niche application startups try to carve out (think scheduling meetings or answering common customer services requests).
Much like the evolution of systems design, IT-enabled process change ebbs and flows over time. We see this in history as each technology revolution brings with it a refactoring of business operations.
With the rise of client/server computing in the 1980s, and the introduction of database servers and visual development tools like PowerBuilder, “business process re-engineering” became all the craze during the 1990s.
By 1993, 60 percent of the Fortune 500 developed IT systems to automate mundane tasks like insurance claims processing or AP invoice/purchase order reconciliation, channeling the mandate of technology-led business transformation in Michael Hammer’s infamous 1990 HBR article, “Don’t Automate, Obliterate.”